
Re: Somebody's scanning my ports or what?



On Tue, 27 Apr 1999, Benoit.Joly wrote:

> I'm getting this kind of thing about 2 or 3 times a week...
> with some netbus and bo tries.
> 
> I sent a lot of emails to their ISP but still receive 2 or 3 attacks per 
> week from other IPs...
> 
> What should I do? Is there a way to protect myself against this? Currently I 
> have fakebo.
> 
> Benoit Joly
> 

You cannot prevent your system from being scanned; all you can do is
control what is learned from the scan. It is not a crime, as far as I
know, to simply attempt connections to a machine on the public internet.

First thing I would do is only have ONE machine exposed directly to the
internet. Use this machine as a firewall/gateway for all the other
machines. Turn off all services on this machine that you are not using.
Carefully plan and put into place a set of packet forwarding / masquerading
rules for traffic between your internal protected network and the public
internet. For services that you wish to provide to outside hosts, make a
separate network different from the internal network. This is commonly
called a "DMZ" in network documents.

So your internet firewall / gateway will probably have THREE interfaces if
you wish to provide public access to some services:

    1. The interface to the external internet.
    2. The interface to the private local network.
    3. The interface to the internal network with public services (www,
       ftp, mail, news, etc.)

The whole world can access certain ports in your public access net (80,
21, 23, 25, 119, etc.). Nobody in the outside world has direct access to
your internal net. Nobody on the public access net has access to your
internal net, and your internal net has access to everything.
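
An added example, not part of the original message: the three-interface
policy described above, written as an nftables ruleset. The interface names
(eth0, eth1, eth2), the stateful reply rule, and the assumption that the
public-access hosts have routable addresses are not from the post.

```nft
#!/usr/sbin/nft -f
# Added example. Interface names are assumptions, not from the original post.
flush ruleset

define WAN = "eth0"   # 1. external internet (assumed name)
define LAN = "eth1"   # 2. private local network (assumed name)
define DMZ = "eth2"   # 3. network with public services (assumed name)

table inet gateway {
    chain input {
        type filter hook input priority filter; policy drop;
        # The gateway runs no public services, so a scan of it learns
        # nothing: only loopback and replies to its own connections pass.
        iifname "lo" accept
        ct state established,related accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state invalid drop
        # Replies to connections that were already allowed (assumed
        # stateful filtering; the post only names the directions).
        ct state established,related accept

        # The internal net has access to everything.
        iifname $LAN accept

        # The whole world may open the listed ports, and only on the DMZ.
        # FTP data channels additionally need a conntrack helper (not shown).
        iifname $WAN oifname $DMZ tcp dport { 21, 23, 25, 80, 119 } ct state new accept

        # No rule exists for WAN -> LAN or DMZ -> LAN, so both hit
        # "policy drop". Connections opened by DMZ hosts are not covered
        # in the post and are dropped here as well.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Masquerade outbound traffic behind the gateway's external address.
        oifname $WAN masquerade
    }
}
```

The file can be syntax-checked without loading it by running
nft -c -f on it.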



